Show filters
71 Total Results
Displaying 51-60 of 71
Sort by:
Attacker Value
Unknown

CVE-2018-3818

Disclosure Date: March 30, 2018 (last updated November 26, 2024)
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
0
Attacker Value
Unknown

CVE-2018-3820

Disclosure Date: March 30, 2018 (last updated November 26, 2024)
Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Attacker Value
Unknown

CVE-2018-3821

Disclosure Date: March 30, 2018 (last updated November 26, 2024)
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Attacker Value
Unknown

CVE-2018-3819

Disclosure Date: March 30, 2018 (last updated November 26, 2024)
The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
0
Attacker Value
Unknown

CVE-2017-11482

Disclosure Date: December 08, 2017 (last updated November 26, 2024)
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
0
Attacker Value
Unknown

CVE-2017-11481

Disclosure Date: December 08, 2017 (last updated November 26, 2024)
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
0
Attacker Value
Unknown

CVE-2017-11479

Disclosure Date: September 29, 2017 (last updated November 26, 2024)
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
0
Attacker Value
Unknown

CVE-2017-8443

Disclosure Date: June 30, 2017 (last updated November 26, 2024)
In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.
0
Attacker Value
Unknown

CVE-2016-1000219

Disclosure Date: June 16, 2017 (last updated November 26, 2024)
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
0
Attacker Value
Unknown

CVE-2015-9056

Disclosure Date: June 16, 2017 (last updated November 26, 2024)
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
0